Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

ancientribe writes: If you're wondering whether the most tech-loaded vehicles are also the most vulnerable to hackers, there is now research that shows it. Charlie Miller, a security engineer with Twitter, and Chris Valasek, director of security intelligence at IOActive, studied modern auto models and concluded that the 2014 Jeep Cherokee, the 2014 Infiniti Q50, and the 2015 Escalade are the most likely to get hacked. The key is whether their networked features that can communicate outside the vehicle are on the same network as the car's automated physical functions. They also name the least-hackable cars, and will share the details of their new findings next week at Black Hat USA in Las Vegas.

Given that this is something that can be tested, I'd like to see real-world results before jumping to too much conclusion. Auto theft is primarily driven by economics, the demand for parts, rather than a desire to have the vehicle intact. At the moment the Cherokee, Q50, and then new-model Escalade aren't in much demand for parts, and given that none of them are massively-high-volume sellers it's unlikely that theft-for-parts will ever be a big deal with these models.

The most stolen vehicles are the Honda Accord, Honda Civic, Toyota Corolla, and the full-sized trucks from American manufacturers. All high-volume, all in-demand for stock parts.

Don't know where you get your facts, but you might want to check out the California Highway Patrol [ca.gov]'s website. In the trucks section of the report, it comes in at #35 with 137 stolen in 2013. Compared to Honda Civics and Accords with ~20,000 thefts, that's nothing.

I wish that they'd break-down their theft reports based on the platform generation of a vehicle, rather than based on model year, given that interchange usually is smooth between same-platform models across several years. A '94 Integra and an '01 Integra should be lumped-in together, and an '02 Dodge Ram should be lumped in with an '08.

I wish that they'd break-down their theft reports based on the platform generation of a vehicle, rather than based on model year, given that interchange usually is smooth between same-platform models across several years. A '94 Integra and an '01 Integra should be lumped-in together, and an '02 Dodge Ram should be lumped in with an '08.

You're absolutely right about that. Though people would then want the generational differences annotated. And others would nitpick about what's a significant change. Eh, you can't please 'em all.

Given that this is something that can be tested, I'd like to see real-world results before jumping to too much conclusion. Auto theft is primarily driven by economics, the demand for parts, rather than a desire to have the vehicle intact.

Auto theft is big business. It's often carried out literally, with a car carrier. As such, the hackability of the car is less interesting than you might imagine. They're going to pick up the car and take it away anyay, so that they can pick it apart at their leisure.

Auto theft is primarily driven by economics, the demand for parts, rather than a desire to have the vehicle intact.

It's possible for a vehicle to be worth more as parts than as a complete vehicle. As well as being less tracable in that form.Keeping a vehicle largely intact would probably require it to be given the identity of a scrapped one. So that would also tend to make popular models more likely to be stolen.

Personally, I'm interested. But like hacking, their are two colors of hats, just like the the possibilities of a car remotely controlled to hurt/kill someone. And so I still wonder why?
And where I live the reason someone steals a car, is to go somewhere. They,the crook left them unharmed, he needed a ride. The next was insurance to get a next better ride.

Hackable- I can install Debian on it and tweak the engine to play mp3s.

Insecure- Some asshat will ruin your day because the vendor doesn't provide timely patches, or the patches they provide make things worse so you cannot install them, or there is no way to patch things at all, or it's so tedious nobody does it.

We get that you're still upset that the media has managed to take the term "hacker" and turn it into a pejorative, but I don't think that you're ever going to get it back. Probably time to just let it go move on.

I saw the article headline and immediately thought "Cool! Someone figured out how to do neat things with the hardware in the car?" I thought maybe even the car companies were cool enough to enable truly extensible functionality with their entertainment systems or whatnot (wouldn't that be something?). However, in this case, "insecure" wouldn't have been enough, since that would probably refer to their physical security.

I'm not naive - the masses will never use the admittedly ridiculous term "crackers" rather than "hackers" - it just doesn't have the same ring to it. Personally, I love applying the term "script kiddies" to anyone who does harm, even if it doesn't technically apply, since it's rather demeaning. Anyhow, that battle has long since been over. But Slashdot is not a site for the masses. I thought at least "hacking" here was still a term mostly used for clever if sometimes unofficially unauthorized use of one's own hardware in interesting ways. You know, hacking a videogame's cameras or input devices, for instance...

So this is just a basic attack surface analysis of a networked system.
According to the article, the researchers are saying that these vehicles are vulnerable because operational components (brakes, etc.) are on the same network as non-operational components (radio, etc.).

By contrast, the 2014 Jeep Cherokee runs the "cyber physical" features and remote access functions on the same network, Valasek notes. "We can't say for sure we can hack the Jeep and not the Audi, but... the radio can always talk to the brakes," and in the Jeep Cherokee, those two are on the same network, he says.

This does tie in well with and extend their presentation last year where, given access to the car's network, they were able to manipulate its steering and braking systems. The trick will be to subvert one of the remotely accessible systems and then generate the necessary commands on the network in question using that subverted system. Maybe they are saving that presentation for 2015.

If by 2015, you mean 2011, then yes [nytimes.com]. UW and UCSD demonstrated hacking a car via its cellular connection and disabling its brakes, among other things. There's no discussion of taking control of the steering, so maybe the car they worked with didn't have drive-by-wire steering.

Drive-by-wire steering (my understanding of the usage) would mean that the steering wheel sent messages to the steering gear electronically, rather than being physically connected, as the normal way of steering the car. Interfere with, or take over, these messages and you either disable or override the driver's input. I doubt the automakers are about to do that - especia

We've already seen:
- In the wild: A contactless box that opens the doors on parked cars. (Not clear whether this is spoofing the remote-door-unlock keyring fob receiver or getting on to the car's bus to issue unlock commands.)
- Proof-of-concept demonstrations for getting on the bus by successful attacks on communication stack vulnerabilities in more than one of: Cellphone radio (remote help service), handsfree "car is the headset" bluetooth transce

The keyless entry system is on the body-can network which accepts RF signals.The keyless start system is too, which accepts RFID.The body-can is connected via a bridge to the fast-can, which carries all the ECU/Transmission/etc data.The satnav has a microwave antenna and IR receiver for VICS and is attached to the fast can.

The important thing is, no diagnostics are done on the CAN bus. It's all done via a K-Line interface on the obd connector.

Your car sounds like my latest car, a 1997 A8. The Radio in mine is the boring old Delta CC, and the RNS units this old don't have any internet connection (the predominant unit in the USA has a CDROM) so there's not much remote hack value there.

As far as theft goes, however, a device which will read key codes from memory and program a new key is only $100-200. You drop the ignition switch from the column, slap a programmed key blank into the keylock so that its signal is picked up by the immobilizer antenna

I would not to see at this conference the new paper circuitry miniaturized yet. Did enjoy the articles on paper capacitors and transistors. Maybe ic circuits next. Closer and closer to one time destroyable circuits.

I think the issue with this article is that it concentrates too much on networks. It assumes that separating features into different networks is less hackable. Then it states this;

"Each feature of the car is separated on a different network and connected by a gateway,"

Here are two scenarios;1. All systems run on one network. The entry points to the network are very secure and almost impossible to crack. All entry points only allow specific commands to go through. For example the radio portal will not allow a brake command to pass.2. All systems run on different networks connected by a gateway.

Well unless you take over the gateway it does indeed do filtering. It does not simply forward packets but decodes the data and repackages it for different networks. The frames that should be forwarded is statically configured, that is which frames (or individual "signals" from a frame) from which bus should go to where.
So unless there exists a functionality for the infotainment system to send brake frames to the BCM already. You are left left with exploiting each gateway on the way to gain control.

How do you know the inner workings of a gateway you have never seen? I agree that such a gateway should be programmed the way you describe but it is possible for a gateway to just forward messages along with no filtering. My point is that filtering can be done at the entry point just as well as the gateway.

Ok, slashdot just lost my lengthy reply so I'll do it quick one (OK it got ranty torwards the end).

Generally the industry follow standards such as MISRA/OSEK/AUTOSAR, these stipulate static configuration, to do that you use automatic tools, for cost reasons(big driving force in automotive) they optimize the frame packaging for each network so you use less memory and can use cheap parts.

Due to limited bandwidth you have different frame packaging on different networks as well, so in a gatewaying scenario the

But cutting a hose leaves a mark, traceable. A paper circuit, a hack, a corrupted code doesn't. Both leave the brakes not working at the "worst/inopportune/correct" time. Get the Jon done, but if the car doesn't burn our mangle enough, there is visable evidence of a crime. Conjecture? Or fact, now provable to the court? But its getting closer.